No permission to write / root access after 11.2 U6 -> 11.2 U8

[dnblover91]

Hello everbody,

since the update, I no longer have write permissions and I can't copy files to my share.

When I open the WebUI Shell and want to set permissions via chmod, the following error appears:

Code:

chmod: ./dokus/: Operation not permitted

My log says the following:

Code:

Mar 29 00:00:00 tobicloud newsyslog[42790]: logfile turned over due to size>200K
Mar 29 00:00:00 tobicloud syslog-ng[3673]: Configuration reload request received, reloading configuration;
Mar 29 00:00:00 tobicloud syslog-ng[3673]: Configuration reload finished;
Mar 29 03:45:00 tobicloud ZFS: vdev state changed, pool_guid=18043600812353477224 vdev_guid=12230459120571813182
Mar 29 03:45:00 tobicloud ZFS: vdev state changed, pool_guid=18043600812353477224 vdev_guid=6922752055627432590
Mar 29 21:41:15 tobicloud /middlewared[244]: dnssd_clientstub DNSServiceRefSockFD called with invalid DNSServiceRef 0x81be3b720 FFFFFFFF DDDDDDDD
Mar 29 21:41:15 tobicloud /middlewared[244]: dnssd_clientstub DNSServiceProcessResult called with invalid DNSServiceRef 0x81b64d480 FFFFFFFF DDDDDDDD
Mar 30 00:00:00 tobicloud syslog-ng[3673]: Configuration reload request received, reloading configuration;
Mar 30 00:00:00 tobicloud syslog-ng[3673]: Configuration reload finished;
Mar 31 00:00:00 tobicloud syslog-ng[3673]: Configuration reload request received, reloading configuration;
Mar 31 00:00:00 tobicloud syslog-ng[3673]: Configuration reload finished;
Apr  1 00:00:00 tobicloud syslog-ng[3673]: Configuration reload request received, reloading configuration;
Apr  1 00:00:00 tobicloud syslog-ng[3673]: Configuration reload finished;
Apr  1 04:00:00 tobicloud ZFS: vdev state changed, pool_guid=1509708107003837790 vdev_guid=11298425998815086351
Apr  1 04:00:01 tobicloud ZFS: vdev state changed, pool_guid=1509708107003837790 vdev_guid=13163748094900907523
Apr  1 04:00:01 tobicloud ZFS: vdev state changed, pool_guid=1509708107003837790 vdev_guid=4143320413361199118
Apr  1 04:00:01 tobicloud ZFS: vdev state changed, pool_guid=1509708107003837790 vdev_guid=8470553692199765899
Apr  2 00:00:00 tobicloud syslog-ng[3673]: Configuration reload request received, reloading configuration;
Apr  2 00:00:00 tobicloud syslog-ng[3673]: Configuration reload finished;
Apr  3 00:00:00 tobicloud syslog-ng[3673]: Configuration reload request received, reloading configuration;
Apr  3 00:00:00 tobicloud syslog-ng[3673]: Configuration reload finished;
Apr  3 00:27:48 tobicloud rpc.statd: Unsolicited notification from host Tobiass-MacBook-Pro.local
Apr  3 01:48:20 tobicloud rpc.statd: Unsolicited notification from host Tobiass-MacBook-Pro.local
Apr  4 00:00:00 tobicloud syslog-ng[3673]: Configuration reload request received, reloading configuration;
Apr  4 00:00:00 tobicloud syslog-ng[3673]: Configuration reload finished;
Apr  5 00:00:00 tobicloud syslog-ng[3673]: Configuration reload request received, reloading configuration;
Apr  5 00:00:00 tobicloud syslog-ng[3673]: Configuration reload finished;
Apr  5 20:37:26 tobicloud sshd[74502]: _secure_path: /mnt/tank/users/tobse/.login_conf is not owned by uid 501
Apr  5 20:37:26 tobicloud sshd[74502]: _secure_path: /mnt/tank/users/tobse/.login_conf is not owned by uid 501
Apr  5 20:37:26 tobicloud sshd[74503]: _secure_path: /mnt/tank/users/tobse/.login_conf is not owned by uid 501
Apr  5 20:43:35 tobicloud rpc.statd: Unsolicited notification from host Tobiass-MacBook-Pro.local
Apr  5 21:01:11 tobicloud nfsd: can't register svc name
Apr  5 21:02:44 tobicloud rpc.statd: Invalid hostname to sm_mon: Tobiass-MacBook-Pro.local
Apr  5 21:02:44 tobicloud kernel: Local NSM refuses to monitor Tobiass-MacBook-Pro.local
Apr  5 21:02:44 tobicloud kernel: Local NSM refuses to monitor Tobiass-MacBook-Pro.local
Apr  5 22:35:32 tobicloud sshd[78283]: _secure_path: /mnt/tank/users/tobse/.login_conf is not owned by uid 501
Apr  5 22:35:32 tobicloud sshd[78283]: _secure_path: /mnt/tank/users/tobse/.login_conf is not owned by uid 501
Apr  5 22:35:32 tobicloud sshd[78284]: _secure_path: /mnt/tank/users/tobse/.login_conf is not owned by uid 501
Apr  5 22:38:49 tobicloud kernel: Failed to fully fault in a core file segment at VA 0x8014de000 with size 0xd000 to be written at offset 0x22e000 for process winbindd
Apr  5 22:38:49 tobicloud kernel: Failed to fully fault in a core file segment at VA 0x8014de000 with size 0xd000 to be written at offset 0x22e000 for process winbindd
Apr  5 22:38:49 tobicloud kernel: pid 4534 (winbindd), uid 0: exited on signal 6 (core dumped)
Apr  5 22:48:25 tobicloud rpc.statd: Unsolicited notification from host Tobiass-MacBook-Pro.local
Apr  5 22:51:23 tobicloud mountd[75429]: mount request denied from 192.168.178.23 for /
Apr  5 22:52:42 tobicloud sshd[79096]: _secure_path: /mnt/tank/users/tobse/.login_conf is not owned by uid 501
Apr  5 22:52:42 tobicloud sshd[79096]: _secure_path: /mnt/tank/users/tobse/.login_conf is not owned by uid 501
Apr  5 22:52:43 tobicloud sshd[79097]: _secure_path: /mnt/tank/users/tobse/.login_conf is not owned by uid 501

That seems wrong:

Code:

_secure_path: /mnt/tank/users/tobse/.login_conf is not owned by uid 501

UID 501 is the associated one for user 'tobse'



I found a solved ticket about that, but it isnt exactly my error:

https://redmine.ixsystems.com/issues/76593

If further information is needed to solve the problem, please let me know.

 

[anodos]

chmod is probably disallowed because of the dataset has a "restricted" aclmode. Looks like you also have incorrect ownership on /mnt/tank/users/tobse/.login_conf. Winbindd crashing is somewhat interesting. ssh into the server and check permissions on each path component leading to your share "getfacl /mnt/tank", "getfacl /mnt/tank/users", etc.

 

[dnblover91]

Hi,

"files and wheel" are set as auxiliary groups for user "tobse" .


Permissions of "/etc/login.conf"

Code:

tobse@tobicloud /etc % ls -l login.conf
-rwxrwxr--   1 root  wheel      6826 Mar 28 00:33 login.conf

Permissions of relevant Datasets:

Code:

# file: /mnt/tank/files
# owner: root
# group: files
            owner@:rwxpDdaARWcCos:fdi----:allow
            group@:rwxpDdaARWcCos:fdi----:allow
         everyone@:--------------:fdi----:allow
            owner@:rwxp--aARWcCos:-------:allow
            group@:rwxp--a-R-c--s:-------:allow
         everyone@:rwxp--a-R-c--s:-------:allow

BEFORE:

Code:

# file: /mnt/tank
# owner: root
# group: wheel
            owner@:rwxp--aARWcCos:-------:allow
            group@:r-x---a-R-c--s:-------:-------:allow
         everyone@:r-x---a-R-c--s:-------:allow

fixed group permissions

AFTER:

Code:

# file: /mnt/tank
# owner: root
# group: wheel
            owner@:rwxp--aARWcCos:-------:allow
            group@:rwxp--a-R-c--s:-------:allow
         everyone@:r-x---a-R-c--s:-------:allow